Security News > 2023 > November

Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise. While these are not confirmed to be ransomware attacks, they share many signs usually associated with such attacks.

It's not actually alive, but it twitches in response to soy sauce. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Hilb Group has warned more than 81,000 people that around the start of 2023 criminals broke into the work email accounts of its employees and may have stolen a bunch of sensitive personal information. In a notification to the Maine Attorney General's office on Thursday, the biz said miscreants accessed people's first and last names and sensitive financial data and credentials.

A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide. The suspect, a 21-year-old man from Zandvoort named Pepijn Van der Stap, has been convicted on multiple charges, including hacking into victims' computers, extortion, and laundering at least 2.5 million euros in cryptocurrency.

In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. New research from Palo Alto Networks' Unit 42 exposes an active attack campaign in which a threat actor hunts for Amazon IAM credentials in real time in GitHub repositories and starts using them less than five minutes later.

Joshua Bowles, a former Government Communications Headquarters programmer, attacked the individual in March following at least a month of planning, police said. Bowles visited the leisure center four weeks prior to the attack after researching the victim extensively to plan out the attack.

Allied Pilots Association, a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. APA said that its IT team and outside experts are working on restoring systems impacted by the ransomware attack from backups, with an initial focus on first bringing back pilot-facing products and tools in the hours and days ahead. The union has launched an investigation led by third-party cybersecurity experts to assess the full extent of the incident and its impact on data stored on compromised systems.

Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform. Starting with VPN apps, which Google considers critical for user privacy and security due to handling sensitive data, the Play Store will display the "Independent security review" badge in the Data Safety Section.

Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defenses. The long and short of it is that Microsoft is pushing the big AI button a few more times, more deeply embedding the tech throughout its security operations and products.

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.